<?php
/*
 * login.php
 * Retral/CSCD494 Winter 2009
 * Eastern Washington University
 *
 * File Description:
 * 
 * Runs the PL/SQL package CSCD494.user_functions, and sets session based on return codes (see code for specific documentation)
 *
 * Sets the following sessions:
 * loggedIn - The name of the user, or ID if student
 * roleCode - Role Code (defined in DB)
 * For Non-Students:
 *   userID - the ID of the user
 *   pagePermissions - an associative array of each page the user with that role can access
 * 
 * Other:
 * 
 */
 
//Include session handlers
include_once("www-hidden/sessionstart.php");
?>


<html>
<head>
<title>Logon</title>
</head>
<body>
<?php
error_reporting(0); //suppress all warnings/errors

//Uncomment these next two lines for every warning/error you could get (DEBUG Only)

/*
error_reporting(E_ALL);
ini_set('display_errors', '1');
*/

  if ($conn = @oci_connect(ORA_CON_UN, ORA_CON_PW, ORA_CON_DB))
  {

  // Declare input variables.
  if (isset ($_POST['fname']) && isset ($_POST['lname']) && isset ($_POST['passwd']) && isset($_POST['ape_user']))
  {
	$fname = $_POST['fname'];
	$lname = $_POST['lname'];
	$pass_hash = sha1($_POST['passwd']);


	$query = "BEGIN user_functions.do_login_user(:fname, :lname, :pass, :status, :user_id); END;";

	//Strip special characters
	$query = strip_special_characters($query);
    $s = oci_parse($conn,$query);

    oci_bind_by_name($s,':fname',$fname,20);
    oci_bind_by_name($s,':lname',$lname,20);
    oci_bind_by_name($s,':pass',$pass_hash,40);
	oci_bind_by_name($s,':status',$status,3);
	oci_bind_by_name($s,':user_id',$user_id,20);
    // Execute the PL/SQL statement.
    oci_execute($s);

	$err = oci_error($s);
//	var_dump($err);

		if ($status == "OKA")
		{
			//session_start();
			$_SESSION['loggedIn'] = $fname . " " . $lname;
			$_SESSION['roleCode'] = "admin";
			$_SESSION['userID'] = $user_id;
			
			//Get page role permissions into session
			$page_query = "SELECT PAGE_NAME FROM NAV_URLS WHERE ADMIN=1";
			$page_query = strip_special_characters($page_query);
			
			$p = oci_parse($conn,$page_query);
			
			if (!oci_execute($p))
				echo "Error setting page permissions";
			
			
			while ($result = oci_fetch_assoc($p))
			{
				$pageName = strtoupper($result['PAGE_NAME']);
				$_SESSION['pagePermissions'][$pageName] = 1;
			}
			
			//$_SESSION['pagePermissions'] = $result;
			
			echo "<META http-equiv=\"refresh\" content=\"0;URL=index.php?\">";
			//echo "You are now logged in. <a href=\"index.php\">Continue</a>";
		}
		else if ($status == "OKF")
		{
			$_SESSION['loggedIn'] = $fname . " " . $lname;
			$_SESSION['roleCode'] = "faculty";
			$_SESSION['userID'] = $user_id;
			
			
			//Get page role permissions into session
			$page_query = "SELECT PAGE_NAME FROM NAV_URLS WHERE FACUL=1";
			$page_query = strip_special_characters($page_query);
			
			$p = oci_parse($conn,$page_query);
			
			if (!oci_execute($p))
				echo "Error setting page permissions";
			
			
			while ($result = oci_fetch_assoc($p))
			{
				$pageName = strtoupper($result['PAGE_NAME']);
				$_SESSION['pagePermissions'][$pageName] = 1;
			}
			
			
			echo "<META http-equiv=\"refresh\" content=\"0;URL=index.php?\">";
		}
		else
		{
			echo "<META http-equiv=\"refresh\" content=\"0;URL=index.php?page=login&failed=true&ld=0\">";
		}
	}
	else if (isset ($_POST['sid']) && isset ($_POST['passwd']) && isset($_POST['student_user']))
  {
	$sid = $_POST['sid'];
	$pass_hash = sha1($_POST['passwd']);
	

	$query = "BEGIN user_functions.do_login_student(:student_id, :pass, :status); END;";
	

	//Strip special characters
	$query = strip_special_characters($query);
    $s = oci_parse($conn,$query);

    oci_bind_by_name($s,':student_id',$sid,20);
    oci_bind_by_name($s,':pass',$pass_hash,40);
	oci_bind_by_name($s,':status',$status,3);

    // Execute the PL/SQL statement.
    oci_execute($s);
	
		if ($status == "OK")
		{
			//session_start();
			$_SESSION['loggedIn'] = $sid;
			$_SESSION['roleCode'] = "student";
			echo "<META http-equiv=\"refresh\" content=\"0;URL=index.php\">";
		}
		else
		{
			echo "<META http-equiv=\"refresh\" content=\"0;URL=index.php?page=login&failed=true&ld=1\">";
		}
	}
	else
	{
		echo "<META http-equiv=\"refresh\" content=\"0;URL=index.php?page=login&failed=true&ld=0\">";
	}

	oci_close($conn);
  }
  else
  {
    // Assign the OCI error and format double and single quotes.
    $errorMessage = oci_error();
    print htmlentities($errorMessage['message'])."<br />";
  }

  // Strip special characters, like carriage or line returns and tabs.
  function strip_special_characters($str)
  {
    $out = "";
    for ($i = 0;$i < strlen($str);$i++)
      if ((ord($str[$i]) != 9) && (ord($str[$i]) != 10) &&
          (ord($str[$i]) != 13))
        $out .= $str[$i];

    // Return character only strings.
    return $out;
  }
?>

</body>
</html>
